Why can the local administrator access a site collection?
09-12-2019
Question
I'm stumped by an access phenomenon because I am not sure how the permissions for accessing a site collection work in this specific scenario:
Even though I shouldn't be able to do so, I am accessing my site collection via web browser logged on as my built-in local Windows administrator (BUILTIN/Administrator) (who is also a farm administrator).
- BUILTIN/Administrator is not a site collection admin
- BUILTIN/Administrator is not a member in any site collection group
And according to this TechNet documentation by Microsoft I shouldn't be allowed to access my site collection! Can someone explain how come I can still access my site collection anyway?
All other user accounts that are members of the Windows Administrators group get the access denied error. Only BUILTIN/Administrator does not.
I'm currently doing security consulting work and need clarity on this issue.
Note: I am using a SharePoint 2010 Foundation standalone installation on Windows Server 2008 R2 Standard.
Solution
Check your web application user policy and see if builtin\administrators have full control.
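
One way to run the check suggested in the answer above, as an added example that is not part of the original answer. It assumes the SharePoint 2010 Management Shell (PowerShell 2.0) on a farm server and an account with farm administrator rights; the output column names are chosen here for illustration.

```powershell
# Added example: list every web application user policy in the farm and
# flag entries that grant Full Control. Web application policies apply to
# all site collections in the web application, independently of site
# collection administrators and SharePoint groups.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

Get-SPWebApplication -IncludeCentralAdministration | ForEach-Object {
    $webApp = $_
    foreach ($policy in $webApp.Policies) {
        # Each policy entry binds one account or group to one or more policy roles.
        $roles = @($policy.PolicyRoleBindings)
        $fullControl = @($roles | Where-Object { $_.Type -eq 'FullControl' }).Count -gt 0

        New-Object PSObject -Property @{
            WebApplication = $webApp.Url
            UserName       = $policy.UserName
            DisplayName    = $policy.DisplayName
            IsSystemUser   = $policy.IsSystemUser
            Roles          = ($roles | ForEach-Object { $_.Name }) -join ', '
            FullControl    = $fullControl
        }
    }
} | Sort-Object WebApplication, UserName |
    Format-Table WebApplication, UserName, DisplayName, Roles, FullControl, IsSystemUser -AutoSize
```

Compare the `UserName` values with the account that unexpectedly has access, including any group entries the account belongs to. The same list is visible in Central Administration under the web application's User Policy dialog.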